Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Description: Java reflection gives poor performance on getter, setter and constructor calls;
accessors-smart uses ASM to speed up those calls.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\accessors-smart-1.1.jar
Description:
JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s).
License:
Common Development and Distribution License (CDDL) v1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\activation-1.1.jar
Description:
JSON (JavaScript Object Notation) is a lightweight data-interchange format.
This is the org.json compatible Android implementation extracted from the Android SDK
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\android-json-0.0.20131108.vaadin1.jar
Severity:
Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)
CWE: CWE-200 Information Exposure
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-310 Cryptographic Issues
The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictability, as exploited in the wild against Bitcoin wallet applications in August 2013.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-20 Improper Input Validation
WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.
Vulnerable Software & Versions:
Description:
A framework for constructing recognizers, compilers,
and translators from grammatical descriptions containing
Java, C#, C++, or Python actions.
License:
BSD License: http://www.antlr.org/license.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\antlr-2.7.7.jar
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\asm-5.0.3.jar
MD5: ccebee99fb8cdd50e1967680a2eac0ba
SHA1: dcc2193db20e19e1feca8b1240dbbc4e190824fa
Description: The AspectJ weaver introduces advices to java classes
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\aspectjweaver-1.8.10.jar
Description: Rich and fluent assertions for testing
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\assertj-core-2.6.0.jar
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\automaton-1.11-8.jar
MD5: 3467dcbbba2fe68a4e07a5826988e034
SHA1: 6ebfa65eb431ff4b715a23be7a750cbc4cc96d0f
Description: The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.
License:
Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\bcpkix-jdk15on-1.56.jar
Description: The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.
License:
Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\bcprov-jdk15on-1.56.jar
Description: Library for introspecting types with full generic information
including resolving of field and method types.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\classmate-1.3.3.jar
Description: The CRaSH command line interface module
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\crash.cli-1.3.2.jar
MD5: e662250718bdef1d292b3214a4d34414
SHA1: 98101f8591be8612ddd5fec2ae884c3f1026eddc
Description: The CRaSH SSH connector
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\crash.connectors.ssh-1.3.2.jar
MD5: 53a418c6a6023b8cd37592e7c9b29867
SHA1: 03705258c976ddc428ad0d72be99bc4f7891c408
Description: The CRaSH Spring integration module
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\crash.embed.spring-1.3.2.jar
MD5: 4145f01d4378327efe25c1bbf6fbce11
SHA1: 6ca5b3cffe798ad4b9b42356b4af179e9f21891e
Description: TODO
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\crash.plugins.cron-1.3.2.jar
MD5: 78f61398079b02353be6970edf53520e
SHA1: 40a5063e6c930ede0ce1d59baf592b7bdcafb1ff
Description: This plugin allows to integrate JavaMail in CRaSH and provides a mail command
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\crash.plugins.mail-1.3.2.jar
MD5: 1a68d553c5cb95401103029d95e7a8fa
SHA1: b88f401ff420b678d35328b685e23b7008741633
Description: The Shell module
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\crash.shell-1.3.2.jar
MD5: 4b0fde81235b9d073f21f43618e2cc3c
SHA1: 3bbaaa18968b9c25f850c7f0469cd8fc3fcd0b7e
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\crash.shell-1.3.2.jar\META-INF\native\windows32\jansi.dll
MD5: 1e56641bb68937f8e2020cbff5d04a08
SHA1: 97f6e12599bb5848867b9762184d055ed918ab2a
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\crash.shell-1.3.2.jar\META-INF\native\windows64\jansi.dll
MD5: fd3a20891286c958103f3ea07174cd3c
SHA1: 829195c9e338d5725cf304ae33fc209db53884eb
Description: cron4j is a scheduler for the Java platform which is very similar to the UNIX cron daemon.
License:
GNU General Lesser Public License (LGPL) version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\cron4j-2.2.5.jar
Description: dom4j: the flexible XML framework for Java
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
Description: Generex: A Java library for generating Strings from regular expressions
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\generex-1.0.2.jar
Description: Groovy: A powerful, dynamic language for the JVM
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\groovy-2.4.10.jar
Severity:
Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-254 Security Features
main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.
Vulnerable Software & Versions:
Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has only one code dependency - javax.annotation,
per the JSR-305 spec.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\guava-20.0.jar
Description:
This is the core API of the hamcrest matcher framework to be used by third-party framework providers. This includes a foundation set of matcher implementations for common operations.
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0
Description:
Hamcrest library of matcher implementations.
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\hamcrest-library-1.3.jar
MD5: 110ad2ea84f7031a1798648b6b318e79
SHA1: 4785a3c21320980282f9f33d0d1264a69040538f
Description: Common reflection code used in support of annotation processing
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\hibernate-commons-annotations-5.0.1.Final.jar
Description: The core O/RM functionality as provided by Hibernate
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\hibernate-core-5.0.12.Final.jar
Description: Hibernate O/RM implementation of the JPA specification
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\hibernate-entitymanager-5.0.12.Final.jar
Description: Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details
License:
Eclipse Public License (EPL), Version 1.0: http://www.eclipse.org/legal/epl-v10.html
Eclipse Distribution License (EDL), Version 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\hibernate-jpa-2.1-api-1.0.0.Final.jar
Description: Hibernate's Bean Validation (JSR-303) reference implementation.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\hibernate-validator-5.3.5.Final.jar
Description: Core annotations used for value types, used by Jackson data binding package.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\jackson-annotations-2.8.0.jar
Severity:
Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-918 Server-Side Request Forgery (SSRF)
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.
Vulnerable Software & Versions:
Description: Core Jackson abstractions, basic JSON streaming API implementation
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\jackson-core-2.8.8.jar
Severity:
Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-918 Server-Side Request Forgery (SSRF)
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.
Vulnerable Software & Versions:
Description: Parent POM for JBoss projects. Provides default project build configuration.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\jandex-2.0.0.Final.jar
Description:
Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
simple. It is a class library for editing bytecodes in Java.
License:
MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\javassist-3.21.0-GA.jar
Description: JavaMail API
License:
https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\javax.mail-1.5.6.jar
Description: Project GlassFish Java Transaction API
License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\javax.transaction-api-1.2.jar
Description: The JBoss Logging Framework
License:
Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\jboss-logging-3.3.1.Final.jar
Description: JCL 1.2 implemented over SLF4J
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\jcl-over-slf4j-1.7.25.jar
MD5: 56b22adc639b09b2e917f42d68b26600
SHA1: f8c32b13ff142a513eeb5b6330b1588dcb2c0461
Description:
Jpam is a Java-PAM bridge. PAM, or Pluggable Authentication Modules, is a standard security architecture used on Linux, Solaris, HP-UX, Mac OS X and other Unix systems.
License:
The Apache Software License, Version 2.0: http://jpam.sourceforge.net/LICENSE.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\jpam-1.1.jar
Description: Java port of Stefan Goessner's JsonPath.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\json-path-2.2.0.jar
Description:
JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\json-smart-2.2.1.jar
Description: A library to develop RESTful but flexible APIs
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\jsonassert-1.4.0.jar
Description: JUL to SLF4J bridge
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\jul-to-slf4j-1.7.25.jar
MD5: ab28124cb05fec600f2ffe37b94629e0
SHA1: 0af5364cd6679bfffb114f0dec8a157aaa283b76
Description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.
License:
Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\junit-4.12.jar
Description: Log4j implemented over SLF4J
License:
Apache Software Licenses: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\log4j-over-slf4j-1.7.25.jar
Description: logback-core module
License:
http://www.eclipse.org/legal/epl-v10.html
http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\logback-core-1.1.11.jar
Description: Apache MINA is a network application framework which helps users develop high performance and highly scalable network applications easily. It provides an abstract event-driven asynchronous API over various transports such as TCP/IP and UDP/IP via Java NIO.
License:
http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\mina-core-2.0.7.jar
Description: Mock objects library for java
License:
The MIT License: http://github.com/mockito/mockito/blob/master/LICENSE
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\mockito-core-1.10.19.jar
Description: MySQL JDBC Type 4 driver
License:
The GNU General Public License, Version 2: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\mysql-connector-java-5.1.41.jar
Severity:
Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.3 (AV:N/AC:L/Au:M/C:N/I:P/A:N)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.0 (AV:L/AC:M/Au:S/C:P/I:P/A:N)
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 2.8 (AV:N/AC:M/Au:M/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.6 (AV:L/AC:L/Au:N/C:C/I:C/A:N)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1690.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1703.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 2.1 (AV:N/AC:H/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.0 (AV:L/AC:M/Au:S/C:P/I:P/A:N)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 1.7 (AV:N/AC:H/Au:M/C:N/I:P/A:N)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments."
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.6 (AV:L/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')
MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.
Vulnerable Software & Versions:
Description: A library for instantiating Java objects
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\objenesis-2.1.jar
Description: The slf4j API
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\slf4j-api-1.7.25.jar
MD5: caafe376afb7086dcbee79f780394ca3
SHA1: da76ca59f6a57ee3102f8f9bd9cee742973efa8a
Description: SLF4J NOP Binding
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\slf4j-nop-1.7.25.jar
MD5: cd6179c6efe79f6033d3ca013481aaf5
SHA1: 8c7708c79afec923de8957b7d4f90177628b9fcd
Description: YAML 1.1 parser and emitter for Java
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\snakeyaml-1.17.jar
Description: Spring AOP
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-aop-4.3.8.RELEASE.jar
Description: Spring Aspects
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-aspects-4.3.8.RELEASE.jar
Description: Spring Beans
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-beans-4.3.8.RELEASE.jar
Description: Spring Boot
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-1.5.3.RELEASE.jar
MD5: 36bbf6aff3f56046cf4f8ac9373886be
SHA1: 5fedde3489afd5dbd82f9122aaec4c9f6da3d564
Description: Spring Boot Actuator
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-actuator-1.5.3.RELEASE.jar
MD5: 1af39c61c8ff6bbfbf5e65d9d75a78f6
SHA1: 8c5ac2ccbdfb9a286b37b6c2b8df3d222bffce01
Description: Spring Boot AutoConfigure
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-autoconfigure-1.5.3.RELEASE.jar
MD5: ed9fd89f47a140124a5e2b6d07517dd9
SHA1: b2b4d4a704f039bf22787cc412b1dd34741821fc
Description: Core starter, including auto-configuration support, logging and YAML
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-1.5.3.RELEASE.jar
MD5: dbed0cb5ae026c536bebed50af82b417
SHA1: 03b966d5e3d422474b7af2e73ae0d371ae02718b
Description: Starter for using Spring Boot's Actuator which provides production ready features to help you monitor and manage your application
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-actuator-1.5.3.RELEASE.jar
MD5: 27236ef57733bd24d3a6157d5261f0c0
SHA1: f7e3a01f09675d19c53eb60ac48d78d1ff62e5cc
Description: Starter for aspect-oriented programming with Spring AOP and AspectJ
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-aop-1.5.3.RELEASE.jar
MD5: 09eb38091a05ca1cfd3e3bbd2bf2802c
SHA1: 7e75f8ddc608c7aecf944b90888a18c884178371
Description: Starter for using Spring Data JPA with Hibernate
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-data-jpa-1.5.3.RELEASE.jar
MD5: b1947aa4964379985683f4ca915eafd1
SHA1: 67f1d0cc0fdeb20595c54ce3340f048fe3b6f67f
Severity:
Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call.
Vulnerable Software & Versions:
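This Spring Data JPA finding deserves a version check before anyone acts on it. The description gives the affected ranges as Spring Data JPA before 1.9.6 and 1.10.x before 1.10.4, but the report attaches it to spring-boot-starter-data-jpa-1.5.3.RELEASE.jar, whose 1.5.3 is the Spring Boot release number, not a Spring Data JPA version. The Spring Data JPA artifact actually present in this scan is spring-data-jpa-1.11.3.RELEASE.jar, which lies outside both affected ranges, so the starter match is a false positive of exactly the kind the disclaimer at the top of the report warns about. The suppression file below is an added example and is not part of the original report or of the scanned project. It assumes that the NVD identifier behind this description is CVE-2016-6652 (the extracted report shows no CVE numbers), that version 1.3 of the Dependency-Check suppression schema is in use, and it pins the SHA1 of the starter jar exactly as the report lists it.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not from the original report or the project.
     Suppresses the Spring Data JPA match on the Spring Boot starter jar:
     the affected ranges are < 1.9.6 and 1.10.x < 1.10.4, while the scanned
     project ships spring-data-jpa-1.11.3.RELEASE.jar. -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <suppress>
    <notes><![CDATA[
      False positive. CVE-2016-6652 (Spring Data JPA: JPQL injection through a
      Sort instance carrying a function call) affects Spring Data JPA < 1.9.6 and
      1.10.x < 1.10.4. The match was made against
      spring-boot-starter-data-jpa-1.5.3.RELEASE.jar, whose 1.5.3 is the Spring Boot
      version. The Spring Data JPA artifact on the classpath is
      spring-data-jpa-1.11.3.RELEASE.jar, which is outside the affected ranges.
      Reviewer and review date: fill in for the audit trail.
    ]]></notes>
    <!-- SHA1 of the starter jar exactly as reported by Dependency-Check.
         Pinning the hash stops the suppression from silently covering a
         different build of the starter later on. -->
    <sha1>67f1d0cc0fdeb20595c54ce3340f048fe3b6f67f</sha1>
    <!-- Assumed: CVE-2016-6652 is the NVD identifier for the description in the report. -->
    <cve>CVE-2016-6652</cve>
  </suppress>
</suppressions>
```

Pass the file to the scanner with `--suppression <path>` on the command line (the Maven and Gradle plugins take the same file through their configuration) and re-run; the entry drops out of the report. Suppressing by hash plus CVE is deliberately narrow: a different build of the starter, or a different Spring Data JPA CVE matched to it, will surface again and get its own review, whereas suppressing the whole CPE match on the jar would hide those too. The real Spring Data JPA jar stays unsuppressed, so a future vulnerability in 1.11.3 is still reported where it belongs.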
Description: Starter for using JDBC with the Tomcat JDBC connection pool
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-jdbc-1.5.3.RELEASE.jar
MD5: a84774d638e02f02389da93edb7f69ff
SHA1: 8f1cdf7364558dd808e575c5815dd1ceaa99bcc5
Description: Starter for logging using Logback. Default logging starter
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-logging-1.5.3.RELEASE.jar
MD5: 4fdfab90d61678a550e75ba40b2d080e
SHA1: ae7f1d938755553b228dd7a7f98aebb0a683c099
Description: Starter for using Java Mail and Spring Framework's email sending support
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-mail-1.5.3.RELEASE.jar
MD5: 5b2ecf992a8eb846606a60b891015483
SHA1: f6f5d95f49bdbc36088cf5f7e7c02320b6fdad18
Description: Starter for using the CRaSH remote shell to monitor and manage your application over SSH. Deprecated since 1.5
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-remote-shell-1.5.3.RELEASE.jar
MD5: cdedeba71703cc51c8066903037490cc
SHA1: 92914bef695950bdbdb92df35d11ccd637e1501d
Description: Starter for using Spring Security
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-security-1.5.3.RELEASE.jar
MD5: 10a002cb70047d1b4753f0de0a6f3f1a
SHA1: f814211730a1925389ffa5c033d30d249435fc99
Description: Starter for testing Spring Boot applications with libraries including JUnit, Hamcrest and Mockito
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-test-1.5.3.RELEASE.jar
MD5: 7ef4b12d43a48dce7b86854f8de6ed82
SHA1: c04072c6637e9a7798ef152dc04581d2644b56ed
Description: Starter for using Tomcat as the embedded servlet container. Default servlet container starter used by spring-boot-starter-web
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-tomcat-1.5.3.RELEASE.jar
MD5: 4c04660aad3543b38622a2f66e4591a1
SHA1: 1b71416805e0bbf6885ee65aae440adbad0afe60
Description: Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-web-1.5.3.RELEASE.jar
MD5: cd4d64d2f32ae9193f5ec080fbba51a7
SHA1: 37469baf2a75a9d2230391a5038f49d4018d2bcc
Description: Starter for using Spring Web Services
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-web-services-1.5.3.RELEASE.jar
MD5: 1bfe9a7d704cb48b7ac846463dd5e69b
SHA1: 9465d5ccc939e6fbdbb0af822f5414be7b0d4979
Description: Spring Boot Test
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-test-1.5.3.RELEASE.jar
MD5: 9116aa5363615823c80f90902eaeebd1
SHA1: ad57d8bacb4fc147ded7c99806f8693855f5fe29
Description: Spring Boot Test Auto-Configure
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-test-autoconfigure-1.5.3.RELEASE.jar
MD5: 09e9393f9f2316ba70df15eb64e2488e
SHA1: b0469a036d8c23f1d48e1a5bf9c0443ef2aa0fc3
Description: Spring Context
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-context-4.3.8.RELEASE.jar
Description: Spring Context Support
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-context-support-4.3.8.RELEASE.jar
Description: Spring Core
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-core-4.3.8.RELEASE.jar
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-data-commons-1.13.3.RELEASE.jar
MD5: ba49322acc61dcd574f0277a3dd3fd76
SHA1: f8be49f9564b7b8736d8f1ebb55bbf4997c29514
Description: Spring Data module for JPA repositories.
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-data-jpa-1.11.3.RELEASE.jar
MD5: b924f0004504065af93052de1bd4356b
SHA1: 32394b68dd3eb580ace408c0c8b886601cc88288
Description: Spring Expression Language (SpEL)
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-expression-4.3.8.RELEASE.jar
Description: Spring JDBC
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-jdbc-4.3.8.RELEASE.jar
Description: Spring Object/Relational Mapping
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-orm-4.3.8.RELEASE.jar
Description: Spring Object/XML Marshalling
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-oxm-4.3.8.RELEASE.jar
Description: spring-security-config
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-security-config-4.2.2.RELEASE.jar
Description: spring-security-core
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-security-core-4.2.2.RELEASE.jar
Description: spring-security-web
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-security-web-4.2.2.RELEASE.jar
Description: Spring TestContext Framework
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-test-4.3.8.RELEASE.jar
Description: Spring Transaction
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-tx-4.3.8.RELEASE.jar
Description: Spring Web
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-web-4.3.8.RELEASE.jar
Description: Spring Web MVC
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-webmvc-4.3.8.RELEASE.jar
Description: Spring WS Core
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-ws-core-2.4.0.RELEASE.jar
Description: Spring XML
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-xml-2.4.0.RELEASE.jar
Description: The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users.
License:
http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\sshd-core-0.11.0.jar
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\sshd-pam-0.11.0.jar
MD5: 7152732150fca60156ccb53f081ad1d9
SHA1: b939ceb742cefc1c632132111b8e4facc41b3d38
Description: Core Tomcat implementation
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\tomcat-embed-core-8.5.14.jar
Severity:
Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-254 Security Features
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.
Vulnerable Software & Versions:
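Note (2) above is the part that applies to application code rather than to Tomcat itself: a custom error Servlet that extends HttpServlet and only implements doGet() will be handed a failed PUT or DELETE as a PUT or DELETE, and HttpServlet.service() will route it to doPut()/doDelete(), which answer 405 instead of rendering the page. The following is an added example, not code from the report or from Tomcat, of an error page that treats every error dispatch as a GET; the /error path, the class name and the web.xml mapping in the comment are assumptions for the example.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.DispatcherType;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Custom error page that renders the same way for every error dispatch,
 * whatever HTTP method the original (failed) request used.
 * Assumed mapping in web.xml (example only):
 *   <error-page><error-code>404</error-code><location>/error</location></error-page>
 */
@WebServlet(urlPatterns = "/error")
public class ErrorPageServlet extends HttpServlet {

    // service() is overridden instead of doGet(): on an error dispatch the container
    // forwards the original request, so req.getMethod() may be PUT, DELETE, POST, ...
    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if (req.getDispatcherType() == DispatcherType.ERROR) {
            render(req, resp);          // the original method is ignored entirely
            return;
        }
        // Direct (non-error) access to the page: read-only methods only.
        String m = req.getMethod();
        if (!"GET".equals(m) && !"HEAD".equals(m)) {
            resp.setHeader("Allow", "GET, HEAD");
            resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return;
        }
        render(req, resp);
    }

    private void render(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Standard error-dispatch attributes set by the container (Servlet 3.0+ names).
        Integer status = (Integer) req.getAttribute(RequestDispatcher.ERROR_STATUS_CODE);
        String uri = (String) req.getAttribute(RequestDispatcher.ERROR_REQUEST_URI);
        int code = status != null ? status : HttpServletResponse.SC_INTERNAL_SERVER_ERROR;

        resp.setContentType("text/html;charset=UTF-8");
        resp.setHeader("Cache-Control", "no-store");
        // The request body that came with a failed PUT/POST is deliberately never read.
        try (PrintWriter out = resp.getWriter()) {
            out.println("<!DOCTYPE html><html><body>");
            out.println("<h1>Error " + code + "</h1>");
            if (uri != null) {
                // The URI is attacker-controlled: HTML-escape it before echoing.
                out.println("<p>Resource: <code>" + escape(uri) + "</code></p>");
            }
            out.println("</body></html>");
        }
    }

    // Minimal HTML escaping for text content, to avoid a dependency on an external helper.
    static String escape(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
}
```

For the static-file case described in the finding, the check is on the container rather than on application code: the DefaultServlet's readonly init-parameter in conf/web.xml must stay at its default of true so that a forwarded PUT or DELETE cannot replace or remove the error page, and the embedded Tomcat version should be moved off 8.5.14, which is inside the affected range listed above.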
Severity:
High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Description: Core Tomcat implementation
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\tomcat-embed-el-8.5.14.jar
Description: Tomcat JDBC Pool Package
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\tomcat-jdbc-8.5.14.jar
Description: Tomcat Core Logging Package
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\tomcat-juli-8.5.14.jar
Description:
Bean Validation API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\validation-api-1.1.0.Final.jar
Description: Java stub generator for WSDL
License:
CPL: http://www.opensource.org/licenses/cpl1.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\wsdl4j-1.6.3.jar
Description: Commons XMLSchema is a light weight schema object model that can be used to manipulate or generate XML schema.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\xmlschema-core-2.0.1.jar
Description:
Apache XML Security for Java supports XML-Signature Syntax and Processing,
W3C Recommendation 12 February 2002, and XML Encryption Syntax and
Processing, W3C Recommendation 10 December 2002. As of version 1.4,
the library supports the standard Java API JSR-105: XML Digital Signature APIs.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\xmlsec-2.0.8.jar
License:
The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\crash.shell-1.3.2.jar\META-INF/maven/jline/jline/pom.xml
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\assertj-core-2.6.0.jar\META-INF/maven/cglib/cglib-nodep/pom.xml
MD5: 425b3e01685d013cbc5b431afc582104
SHA1: 3d0aad1cd07c4754588acbdb8561e367e457cc1d
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\assertj-core-2.6.0.jar\META-INF/maven/cglib/cglib/pom.xml
MD5: 072045d2914c647e8e37e8c4b387aaf0
SHA1: 23e1de8e375b571cb6c40ef93f04578abc23dfcb